diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2019-09-20 22:23:06 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2019-09-20 22:23:06 +0200 |
| commit | a7c02304a56e29c0fd4833626ec692a6babcb269 (patch) | |
| tree | 8faf99cb5e786106c1c8ccfa5d2091e2759d2fb0 /phpBB/includes/message_parser.php | |
| parent | d6139846607a4fe3a13d5863b3fa6a52b1fe3c10 (diff) | |
| parent | f0afccb173fb728b6c70a8bd86c4d8869043581a (diff) | |
| download | forums-a7c02304a56e29c0fd4833626ec692a6babcb269.tar forums-a7c02304a56e29c0fd4833626ec692a6babcb269.tar.gz forums-a7c02304a56e29c0fd4833626ec692a6babcb269.tar.bz2 forums-a7c02304a56e29c0fd4833626ec692a6babcb269.tar.xz forums-a7c02304a56e29c0fd4833626ec692a6babcb269.zip | |
Merge branch '3.2.x' into 3.3.x
Diffstat (limited to 'phpBB/includes/message_parser.php')
| -rw-r--r-- | phpBB/includes/message_parser.php | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 0b79cca864..e1c28223dc 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1525,6 +1525,35 @@ class parse_message extends bbcode_firstpass } /** + * Check attachment form token depending on submit type + * + * @param \phpbb\language\language $language Language + * @param \phpbb\request\request_interface $request Request + * @param string $form_name Form name for checking form key + * + * @return bool True if form token is not needed or valid, false if needed and invalid + */ + function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name) + { + $add_file = $request->is_set_post('add_file'); + $delete_file = $request->is_set_post('delete_file'); + + if (($add_file || $delete_file) && !check_form_key($form_name)) + { + $this->warn_msg[] = $language->lang('FORM_INVALID'); + + if ($request->is_ajax() && $this->plupload) + { + $this->plupload->emit_error(-400, 'FORM_INVALID'); + } + + return false; + } + + return true; + } + + /** * Parse Attachments */ function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false) |